maante-game-automation

Fail

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs users to download and extract software releases from an unverified third-party GitHub repository (github.com/1bananachicken/MaaNTE/releases) as well as framework binaries from github.com/MaaXYZ/MaaFramework/releases.
  • [REMOTE_CODE_EXECUTION]: The installation workflow involves downloading pre-compiled executables and binaries that are executed locally. Furthermore, the skill provides and encourages the use of custom Python scripts (custom/my_action.py) that are dynamically loaded and executed by the automation framework.
  • [COMMAND_EXECUTION]: The documentation contains instructions for executing potentially dangerous system-level commands, including requirement installations (pip install) and repository cloning. Crucially, it instructs the user to 'Run as Administrator', which grants the automation tool full control over the host system.
  • [PROMPT_INJECTION]: The skill includes instructions to 'Disable antivirus software if detection issues arise'. This is a high-risk instruction that bypasses critical system safety filters and encourages the user to lower their security posture to execute unverified code.
  • [PROMPT_INJECTION]: Indirect injection attack surface identified:
      • Ingestion points: The skill ingests untrusted data from the game environment through Optical Character Recognition (OCR) and image template matching as defined in SKILL.md and the pipeline/ directory.
      • Boundary markers: None. The pipeline task definitions do not include delimiters or instructions for the agent to ignore embedded content within processed game data.
      • Capability inventory: The skill possesses capabilities to simulate mouse/keyboard input (Click, Key, Seize), control application processes (StartApp, StopApp), and execute arbitrary Python logic via custom actions as demonstrated in custom/my_action.py.
      • Sanitization: There is no evidence of sanitization or validation of external content (OCR text or image matches) before it is used to parameterize actions or influence the logic of custom scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 30, 2026, 10:51 PM